npm - @dotsetlabs/tollgate - Versions diffs - 0.2.2 → 0.3.0 - Mend

@dotsetlabs/tollgate 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (194) hide show

package/README.md +138 -0
package/dist/analyzers/filesystem.d.ts +5 -0
package/dist/analyzers/filesystem.d.ts.map +1 -1
package/dist/analyzers/filesystem.js +61 -7
package/dist/analyzers/filesystem.js.map +1 -1
package/dist/analyzers/loader.d.ts +5 -0
package/dist/analyzers/loader.d.ts.map +1 -1
package/dist/analyzers/loader.js +112 -6
package/dist/analyzers/loader.js.map +1 -1
package/dist/analyzers/prompt-injection.d.ts +1 -0
package/dist/analyzers/prompt-injection.d.ts.map +1 -1
package/dist/analyzers/prompt-injection.js +48 -2
package/dist/analyzers/prompt-injection.js.map +1 -1
package/dist/analyzers/shell.d.ts +8 -0
package/dist/analyzers/shell.d.ts.map +1 -1
package/dist/analyzers/shell.js +109 -8
package/dist/analyzers/shell.js.map +1 -1
package/dist/analyzers/sql.d.ts.map +1 -1
package/dist/analyzers/sql.js +8 -7
package/dist/analyzers/sql.js.map +1 -1
package/dist/approval/interactive.d.ts +1 -1
package/dist/approval/interactive.d.ts.map +1 -1
package/dist/approval/interactive.js +13 -1
package/dist/approval/interactive.js.map +1 -1
package/dist/approval/rate-limiter.d.ts +115 -0
package/dist/approval/rate-limiter.d.ts.map +1 -0
package/dist/approval/rate-limiter.js +200 -0
package/dist/approval/rate-limiter.js.map +1 -0
package/dist/approval/url-validator.d.ts +51 -0
package/dist/approval/url-validator.d.ts.map +1 -0
package/dist/approval/url-validator.js +184 -0
package/dist/approval/url-validator.js.map +1 -0
package/dist/approval/webhook.d.ts +48 -0
package/dist/approval/webhook.d.ts.map +1 -1
package/dist/approval/webhook.js +89 -0
package/dist/approval/webhook.js.map +1 -1
package/dist/audit/integrity.d.ts +107 -0
package/dist/audit/integrity.d.ts.map +1 -0
package/dist/audit/integrity.js +191 -0
package/dist/audit/integrity.js.map +1 -0
package/dist/audit/logger.d.ts.map +1 -1
package/dist/audit/logger.js +6 -5
package/dist/audit/logger.js.map +1 -1
package/dist/audit/redaction.js +6 -4
package/dist/audit/redaction.js.map +1 -1
package/dist/cli/commands/guard.d.ts +97 -0
package/dist/cli/commands/guard.d.ts.map +1 -0
package/dist/cli/commands/guard.js +456 -0
package/dist/cli/commands/guard.js.map +1 -0
package/dist/cli/commands/serve.js +1 -1
package/dist/cli/commands/serve.js.map +1 -1
package/dist/cli/index.js +3 -0
package/dist/cli/index.js.map +1 -1
package/dist/cli/input-validation.d.ts +83 -0
package/dist/cli/input-validation.d.ts.map +1 -0
package/dist/cli/input-validation.js +237 -0
package/dist/cli/input-validation.js.map +1 -0
package/dist/cli/ui.js +2 -2
package/dist/cli/ui.js.map +1 -1
package/dist/guard/alternatives/index.d.ts +68 -0
package/dist/guard/alternatives/index.d.ts.map +1 -0
package/dist/guard/alternatives/index.js +224 -0
package/dist/guard/alternatives/index.js.map +1 -0
package/dist/guard/alternatives/registry.d.ts +16 -0
package/dist/guard/alternatives/registry.d.ts.map +1 -0
package/dist/guard/alternatives/registry.js +518 -0
package/dist/guard/alternatives/registry.js.map +1 -0
package/dist/guard/alternatives/types.d.ts +86 -0
package/dist/guard/alternatives/types.d.ts.map +1 -0
package/dist/guard/alternatives/types.js +5 -0
package/dist/guard/alternatives/types.js.map +1 -0
package/dist/guard/approval/enhanced-terminal.d.ts +110 -0
package/dist/guard/approval/enhanced-terminal.d.ts.map +1 -0
package/dist/guard/approval/enhanced-terminal.js +387 -0
package/dist/guard/approval/enhanced-terminal.js.map +1 -0
package/dist/guard/config.d.ts +80 -0
package/dist/guard/config.d.ts.map +1 -0
package/dist/guard/config.js +260 -0
package/dist/guard/config.js.map +1 -0
package/dist/guard/context/directory.d.ts +35 -0
package/dist/guard/context/directory.d.ts.map +1 -0
package/dist/guard/context/directory.js +243 -0
package/dist/guard/context/directory.js.map +1 -0
package/dist/guard/context/environment.d.ts +31 -0
package/dist/guard/context/environment.d.ts.map +1 -0
package/dist/guard/context/environment.js +204 -0
package/dist/guard/context/environment.js.map +1 -0
package/dist/guard/context/git.d.ts +52 -0
package/dist/guard/context/git.d.ts.map +1 -0
package/dist/guard/context/git.js +278 -0
package/dist/guard/context/git.js.map +1 -0
package/dist/guard/context/index.d.ts +64 -0
package/dist/guard/context/index.d.ts.map +1 -0
package/dist/guard/context/index.js +227 -0
package/dist/guard/context/index.js.map +1 -0
package/dist/guard/context/project.d.ts +47 -0
package/dist/guard/context/project.d.ts.map +1 -0
package/dist/guard/context/project.js +281 -0
package/dist/guard/context/project.js.map +1 -0
package/dist/guard/context/types.d.ts +152 -0
package/dist/guard/context/types.d.ts.map +1 -0
package/dist/guard/context/types.js +7 -0
package/dist/guard/context/types.js.map +1 -0
package/dist/guard/engine.d.ts +107 -0
package/dist/guard/engine.d.ts.map +1 -0
package/dist/guard/engine.js +430 -0
package/dist/guard/engine.js.map +1 -0
package/dist/guard/enhanced-engine.d.ts +151 -0
package/dist/guard/enhanced-engine.d.ts.map +1 -0
package/dist/guard/enhanced-engine.js +622 -0
package/dist/guard/enhanced-engine.js.map +1 -0
package/dist/guard/hooks/index.d.ts +50 -0
package/dist/guard/hooks/index.d.ts.map +1 -0
package/dist/guard/hooks/index.js +325 -0
package/dist/guard/hooks/index.js.map +1 -0
package/dist/guard/index.d.ts +29 -0
package/dist/guard/index.d.ts.map +1 -0
package/dist/guard/index.js +31 -0
package/dist/guard/index.js.map +1 -0
package/dist/guard/learning/index.d.ts +136 -0
package/dist/guard/learning/index.d.ts.map +1 -0
package/dist/guard/learning/index.js +314 -0
package/dist/guard/learning/index.js.map +1 -0
package/dist/guard/learning/pattern-extractor.d.ts +50 -0
package/dist/guard/learning/pattern-extractor.d.ts.map +1 -0
package/dist/guard/learning/pattern-extractor.js +372 -0
package/dist/guard/learning/pattern-extractor.js.map +1 -0
package/dist/guard/learning/rule-suggester.d.ts +67 -0
package/dist/guard/learning/rule-suggester.d.ts.map +1 -0
package/dist/guard/learning/rule-suggester.js +345 -0
package/dist/guard/learning/rule-suggester.js.map +1 -0
package/dist/guard/learning/types.d.ts +211 -0
package/dist/guard/learning/types.d.ts.map +1 -0
package/dist/guard/learning/types.js +18 -0
package/dist/guard/learning/types.js.map +1 -0
package/dist/guard/preview/effects.d.ts +15 -0
package/dist/guard/preview/effects.d.ts.map +1 -0
package/dist/guard/preview/effects.js +413 -0
package/dist/guard/preview/effects.js.map +1 -0
package/dist/guard/preview/index.d.ts +49 -0
package/dist/guard/preview/index.d.ts.map +1 -0
package/dist/guard/preview/index.js +196 -0
package/dist/guard/preview/index.js.map +1 -0
package/dist/guard/preview/parser.d.ts +34 -0
package/dist/guard/preview/parser.d.ts.map +1 -0
package/dist/guard/preview/parser.js +292 -0
package/dist/guard/preview/parser.js.map +1 -0
package/dist/guard/preview/types.d.ts +140 -0
package/dist/guard/preview/types.d.ts.map +1 -0
package/dist/guard/preview/types.js +5 -0
package/dist/guard/preview/types.js.map +1 -0
package/dist/guard/reversibility/index.d.ts +88 -0
package/dist/guard/reversibility/index.d.ts.map +1 -0
package/dist/guard/reversibility/index.js +310 -0
package/dist/guard/reversibility/index.js.map +1 -0
package/dist/guard/types.d.ts +192 -0
package/dist/guard/types.d.ts.map +1 -0
package/dist/guard/types.js +8 -0
package/dist/guard/types.js.map +1 -0
package/dist/index.d.ts +10 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +24 -0
package/dist/index.js.map +1 -1
package/dist/orchestrator/manager.d.ts.map +1 -1
package/dist/orchestrator/manager.js +6 -1
package/dist/orchestrator/manager.js.map +1 -1
package/dist/policy/engine.d.ts.map +1 -1
package/dist/policy/engine.js +11 -3
package/dist/policy/engine.js.map +1 -1
package/dist/policy/parser.d.ts.map +1 -1
package/dist/policy/parser.js +3 -0
package/dist/policy/parser.js.map +1 -1
package/dist/proxy/server.d.ts.map +1 -1
package/dist/proxy/server.js +8 -6
package/dist/proxy/server.js.map +1 -1
package/dist/session/manager.d.ts +2 -2
package/dist/session/manager.d.ts.map +1 -1
package/dist/session/manager.js +106 -88
package/dist/session/manager.js.map +1 -1
package/dist/session/signing.d.ts +88 -0
package/dist/session/signing.d.ts.map +1 -0
package/dist/session/signing.js +166 -0
package/dist/session/signing.js.map +1 -0
package/dist/session/types.d.ts +2 -0
package/dist/session/types.d.ts.map +1 -1
package/dist/session/types.js.map +1 -1
package/dist/utils/security-logger.d.ts +146 -0
package/dist/utils/security-logger.d.ts.map +1 -0
package/dist/utils/security-logger.js +222 -0
package/dist/utils/security-logger.js.map +1 -0
package/dist/wizard.d.ts.map +1 -1
package/dist/wizard.js +7 -1
package/dist/wizard.js.map +1 -1
package/package.json +3 -2

package/dist/guard/hooks/index.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * Shell Hook Generator for Tollgate Guard
+ *
+ * Generates shell-specific hook scripts that intercept commands
+ * before execution and route them through Tollgate Guard.
+ */
+/**
+ * Bash hook script using bash-preexec pattern.
+ *
+ * This script:
+ * 1. Defines a preexec function that intercepts commands
+ * 2. Calls `tollgate guard check` for non-trivial commands
+ * 3. Blocks execution if check fails (exit code != 0)
+ * 4. Provides helper functions for enable/disable/status
+ */
+export declare const BASH_HOOK = "# Tollgate Guard - Bash Hook\n# Usage: eval \"$(tollgate guard hook bash)\"\n# Or add to ~/.bashrc: eval \"$(tollgate guard hook bash)\"\n\n# Skip if already installed\n[[ -n \"$__TOLLGATE_GUARD_INSTALLED\" ]] && return 0\n\n__tollgate_guard_preexec() {\n    # Skip if disabled\n    [[ -n \"$TOLLGATE_GUARD_DISABLED\" ]] && return 0\n\n    # Skip empty commands\n    [[ -z \"$1\" ]] && return 0\n\n    # Skip if already in guard process (prevent recursion)\n    [[ -n \"$__TOLLGATE_GUARD_RUNNING\" ]] && return 0\n\n    local cmd=\"$1\"\n\n    # Fast path: skip common safe commands for performance\n    case \"${cmd%% *}\" in\n        ls|cd|pwd|echo|cat|less|more|head|tail|grep|find|which|type|man|help|history|alias)\n            return 0\n            ;;\n        # Git read-only commands\n        \"git status\"|\"git diff\"|\"git log\"|\"git branch\"|\"git show\")\n            return 0\n            ;;\n    esac\n\n    export __TOLLGATE_GUARD_RUNNING=1\n\n    # Call tollgate guard check\n    # Use /dev/tty for I/O to work even when stdout is redirected\n    if ! tollgate guard check \"$cmd\" </dev/tty 2>/dev/tty; then\n        unset __TOLLGATE_GUARD_RUNNING\n        # Kill the current command by sending SIGINT\n        kill -INT $$\n        return 1\n    fi\n\n    unset __TOLLGATE_GUARD_RUNNING\n    return 0\n}\n\n# Install hook using bash-preexec if available\nif declare -F preexec_functions &>/dev/null 2>&1; then\n    preexec_functions+=(__tollgate_guard_preexec)\nelse\n    # Fallback: use DEBUG trap\n    # Note: This runs for every simple command, which can be noisy\n    # for scripts. bash-preexec is preferred.\n    __tollgate_original_debug_trap=$(trap -p DEBUG 2>/dev/null || true)\n    trap '__tollgate_guard_preexec \"$BASH_COMMAND\"' DEBUG\nfi\n\n__TOLLGATE_GUARD_INSTALLED=1\n\n# Helper functions\ntollgate-guard-disable() {\n    export TOLLGATE_GUARD_DISABLED=1\n    echo \"Tollgate Guard disabled for this session\"\n}\n\ntollgate-guard-enable() {\n    unset TOLLGATE_GUARD_DISABLED\n    echo \"Tollgate Guard enabled\"\n}\n\ntollgate-guard-status() {\n    if [[ -n \"$TOLLGATE_GUARD_DISABLED\" ]]; then\n        echo \"Tollgate Guard: DISABLED\"\n    else\n        echo \"Tollgate Guard: ENABLED\"\n    fi\n    tollgate guard sessions 2>/dev/null || true\n}\n";
+/**
+ * Zsh hook script using accept-line widget override.
+ *
+ * This is more reliable than preexec in Zsh because it intercepts
+ * at the input level, before the command is even parsed.
+ */
+export declare const ZSH_HOOK = "# Tollgate Guard - Zsh Hook\n# Usage: eval \"$(tollgate guard hook zsh)\"\n# Or add to ~/.zshrc: eval \"$(tollgate guard hook zsh)\"\n\n# Skip if already installed\n[[ -n \"$__TOLLGATE_GUARD_INSTALLED\" ]] && return 0\n\n__tollgate_guard_accept_line() {\n    # Skip if disabled\n    [[ -n \"$TOLLGATE_GUARD_DISABLED\" ]] && { zle .accept-line; return }\n\n    # Skip empty buffer\n    [[ -z \"$BUFFER\" ]] && { zle .accept-line; return }\n\n    # Skip if already checking (prevent recursion)\n    [[ -n \"$__TOLLGATE_GUARD_RUNNING\" ]] && { zle .accept-line; return }\n\n    local cmd=\"$BUFFER\"\n\n    # Fast path: skip common safe commands\n    case \"${cmd%% *}\" in\n        ls|cd|pwd|echo|cat|less|more|head|tail|grep|find|which|type|man|help|history|alias)\n            zle .accept-line\n            return\n            ;;\n    esac\n\n    # Fast path for git read-only\n    case \"$cmd\" in\n        \"git status\"*|\"git diff\"*|\"git log\"*|\"git branch\"*|\"git show\"*)\n            zle .accept-line\n            return\n            ;;\n    esac\n\n    __TOLLGATE_GUARD_RUNNING=1\n\n    # Call tollgate guard check\n    # Use /dev/tty for I/O since we're in a widget\n    if tollgate guard check \"$cmd\" </dev/tty 2>/dev/tty; then\n        unset __TOLLGATE_GUARD_RUNNING\n        zle .accept-line\n    else\n        unset __TOLLGATE_GUARD_RUNNING\n        # Clear the buffer and show message\n        BUFFER=\"\"\n        zle redisplay\n        echo \"\\nCommand cancelled by Tollgate Guard\" >/dev/tty\n    fi\n}\n\n# Override accept-line widget\n# The dot prefix (.accept-line) calls the built-in version\nzle -N accept-line __tollgate_guard_accept_line\n\n__TOLLGATE_GUARD_INSTALLED=1\n\n# Helper functions\ntollgate-guard-disable() {\n    export TOLLGATE_GUARD_DISABLED=1\n    echo \"Tollgate Guard disabled for this session\"\n}\n\ntollgate-guard-enable() {\n    unset TOLLGATE_GUARD_DISABLED\n    echo \"Tollgate Guard enabled\"\n}\n\ntollgate-guard-status() {\n    if [[ -n \"$TOLLGATE_GUARD_DISABLED\" ]]; then\n        echo \"Tollgate Guard: DISABLED\"\n    else\n        echo \"Tollgate Guard: ENABLED\"\n    fi\n    tollgate guard sessions 2>/dev/null || true\n}\n";
+/**
+ * Fish hook script using key binding.
+ *
+ * Fish doesn't support true preexec that can cancel commands,
+ * so we bind Enter to a custom function.
+ */
+export declare const FISH_HOOK = "# Tollgate Guard - Fish Hook\n# Usage: tollgate guard hook fish | source\n# Or add to ~/.config/fish/config.fish: tollgate guard hook fish | source\n\n# Skip if already installed\nset -q __TOLLGATE_GUARD_INSTALLED; and exit 0\n\nfunction __tollgate_guard_check\n    # Skip if disabled\n    set -q TOLLGATE_GUARD_DISABLED; and return 0\n\n    # Skip empty command\n    set -l cmd (commandline -b)\n    test -z \"$cmd\"; and return 0\n\n    # Skip if already running\n    set -q __TOLLGATE_GUARD_RUNNING; and return 0\n\n    # Fast path for safe commands\n    set -l first_word (string split ' ' -- $cmd)[1]\n    switch $first_word\n        case ls cd pwd echo cat less more head tail grep find which type man help history alias\n            return 0\n    end\n\n    # Fast path for git read-only\n    switch $cmd\n        case \"git status*\" \"git diff*\" \"git log*\" \"git branch*\" \"git show*\"\n            return 0\n    end\n\n    set -g __TOLLGATE_GUARD_RUNNING 1\n\n    # Call tollgate guard check\n    if tollgate guard check \"$cmd\" </dev/tty 2>/dev/tty\n        set -e __TOLLGATE_GUARD_RUNNING\n        return 0\n    else\n        set -e __TOLLGATE_GUARD_RUNNING\n        commandline \"\"\n        echo \"Command cancelled by Tollgate Guard\"\n        return 1\n    end\nend\n\nfunction __tollgate_guard_execute\n    if __tollgate_guard_check\n        commandline -f execute\n    end\nend\n\n# Bind Enter key to our function\nbind \\r __tollgate_guard_execute\nbind \\n __tollgate_guard_execute\n\nset -g __TOLLGATE_GUARD_INSTALLED 1\n\n# Helper functions\nfunction tollgate-guard-disable\n    set -gx TOLLGATE_GUARD_DISABLED 1\n    echo \"Tollgate Guard disabled for this session\"\nend\n\nfunction tollgate-guard-enable\n    set -e TOLLGATE_GUARD_DISABLED\n    echo \"Tollgate Guard enabled\"\nend\n\nfunction tollgate-guard-status\n    if set -q TOLLGATE_GUARD_DISABLED\n        echo \"Tollgate Guard: DISABLED\"\n    else\n        echo \"Tollgate Guard: ENABLED\"\n    end\n    tollgate guard sessions 2>/dev/null; or true\nend\n";
+/**
+ * Get the appropriate hook script for a shell.
+ *
+ * @param shell - Shell type (bash, zsh, fish)
+ * @returns Hook script content
+ */
+export declare function getHookScript(shell: string): string;
+/**
+ * Detect the current shell from environment.
+ */
+export declare function detectShell(): string;
+/**
+ * Get the shell configuration file path.
+ */
+export declare function getShellConfigPath(shell: string): string;
+/**
+ * Generate the line to add to shell config.
+ */
+export declare function getConfigLine(shell: string): string;
+//# sourceMappingURL=index.d.ts.map

package/dist/guard/hooks/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/guard/hooks/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,SAAS,yvEA6ErB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,QAAQ,ipEA4EpB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,SAAS,kgEA4ErB,CAAC;AAEF;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAWnD;AAED;;GAEG;AACH,wBAAgB,WAAW,IAAI,MAAM,CAepC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAaxD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAUnD"}

package/dist/guard/hooks/index.js ADDED Viewed

@@ -0,0 +1,325 @@
+/**
+ * Shell Hook Generator for Tollgate Guard
+ *
+ * Generates shell-specific hook scripts that intercept commands
+ * before execution and route them through Tollgate Guard.
+ */
+/**
+ * Bash hook script using bash-preexec pattern.
+ *
+ * This script:
+ * 1. Defines a preexec function that intercepts commands
+ * 2. Calls `tollgate guard check` for non-trivial commands
+ * 3. Blocks execution if check fails (exit code != 0)
+ * 4. Provides helper functions for enable/disable/status
+ */
+export const BASH_HOOK = `# Tollgate Guard - Bash Hook
+# Usage: eval "$(tollgate guard hook bash)"
+# Or add to ~/.bashrc: eval "$(tollgate guard hook bash)"
+# Skip if already installed
+[[ -n "$__TOLLGATE_GUARD_INSTALLED" ]] && return 0
+__tollgate_guard_preexec() {
+    # Skip if disabled
+    [[ -n "$TOLLGATE_GUARD_DISABLED" ]] && return 0
+    # Skip empty commands
+    [[ -z "$1" ]] && return 0
+    # Skip if already in guard process (prevent recursion)
+    [[ -n "$__TOLLGATE_GUARD_RUNNING" ]] && return 0
+    local cmd="$1"
+    # Fast path: skip common safe commands for performance
+    case "\${cmd%% *}" in
+        ls|cd|pwd|echo|cat|less|more|head|tail|grep|find|which|type|man|help|history|alias)
+            return 0
+            ;;
+        # Git read-only commands
+        "git status"|"git diff"|"git log"|"git branch"|"git show")
+            return 0
+            ;;
+    esac
+    export __TOLLGATE_GUARD_RUNNING=1
+    # Call tollgate guard check
+    # Use /dev/tty for I/O to work even when stdout is redirected
+    if ! tollgate guard check "$cmd" </dev/tty 2>/dev/tty; then
+        unset __TOLLGATE_GUARD_RUNNING
+        # Kill the current command by sending SIGINT
+        kill -INT $$
+        return 1
+    fi
+    unset __TOLLGATE_GUARD_RUNNING
+    return 0
+}
+# Install hook using bash-preexec if available
+if declare -F preexec_functions &>/dev/null 2>&1; then
+    preexec_functions+=(__tollgate_guard_preexec)
+else
+    # Fallback: use DEBUG trap
+    # Note: This runs for every simple command, which can be noisy
+    # for scripts. bash-preexec is preferred.
+    __tollgate_original_debug_trap=$(trap -p DEBUG 2>/dev/null || true)
+    trap '__tollgate_guard_preexec "$BASH_COMMAND"' DEBUG
+fi
+__TOLLGATE_GUARD_INSTALLED=1
+# Helper functions
+tollgate-guard-disable() {
+    export TOLLGATE_GUARD_DISABLED=1
+    echo "Tollgate Guard disabled for this session"
+}
+tollgate-guard-enable() {
+    unset TOLLGATE_GUARD_DISABLED
+    echo "Tollgate Guard enabled"
+}
+tollgate-guard-status() {
+    if [[ -n "$TOLLGATE_GUARD_DISABLED" ]]; then
+        echo "Tollgate Guard: DISABLED"
+    else
+        echo "Tollgate Guard: ENABLED"
+    fi
+    tollgate guard sessions 2>/dev/null || true
+}
+`;
+/**
+ * Zsh hook script using accept-line widget override.
+ *
+ * This is more reliable than preexec in Zsh because it intercepts
+ * at the input level, before the command is even parsed.
+ */
+export const ZSH_HOOK = `# Tollgate Guard - Zsh Hook
+# Usage: eval "$(tollgate guard hook zsh)"
+# Or add to ~/.zshrc: eval "$(tollgate guard hook zsh)"
+# Skip if already installed
+[[ -n "$__TOLLGATE_GUARD_INSTALLED" ]] && return 0
+__tollgate_guard_accept_line() {
+    # Skip if disabled
+    [[ -n "$TOLLGATE_GUARD_DISABLED" ]] && { zle .accept-line; return }
+    # Skip empty buffer
+    [[ -z "$BUFFER" ]] && { zle .accept-line; return }
+    # Skip if already checking (prevent recursion)
+    [[ -n "$__TOLLGATE_GUARD_RUNNING" ]] && { zle .accept-line; return }
+    local cmd="$BUFFER"
+    # Fast path: skip common safe commands
+    case "\${cmd%% *}" in
+        ls|cd|pwd|echo|cat|less|more|head|tail|grep|find|which|type|man|help|history|alias)
+            zle .accept-line
+            return
+            ;;
+    esac
+    # Fast path for git read-only
+    case "$cmd" in
+        "git status"*|"git diff"*|"git log"*|"git branch"*|"git show"*)
+            zle .accept-line
+            return
+            ;;
+    esac
+    __TOLLGATE_GUARD_RUNNING=1
+    # Call tollgate guard check
+    # Use /dev/tty for I/O since we're in a widget
+    if tollgate guard check "$cmd" </dev/tty 2>/dev/tty; then
+        unset __TOLLGATE_GUARD_RUNNING
+        zle .accept-line
+    else
+        unset __TOLLGATE_GUARD_RUNNING
+        # Clear the buffer and show message
+        BUFFER=""
+        zle redisplay
+        echo "\\nCommand cancelled by Tollgate Guard" >/dev/tty
+    fi
+}
+# Override accept-line widget
+# The dot prefix (.accept-line) calls the built-in version
+zle -N accept-line __tollgate_guard_accept_line
+__TOLLGATE_GUARD_INSTALLED=1
+# Helper functions
+tollgate-guard-disable() {
+    export TOLLGATE_GUARD_DISABLED=1
+    echo "Tollgate Guard disabled for this session"
+}
+tollgate-guard-enable() {
+    unset TOLLGATE_GUARD_DISABLED
+    echo "Tollgate Guard enabled"
+}
+tollgate-guard-status() {
+    if [[ -n "$TOLLGATE_GUARD_DISABLED" ]]; then
+        echo "Tollgate Guard: DISABLED"
+    else
+        echo "Tollgate Guard: ENABLED"
+    fi
+    tollgate guard sessions 2>/dev/null || true
+}
+`;
+/**
+ * Fish hook script using key binding.
+ *
+ * Fish doesn't support true preexec that can cancel commands,
+ * so we bind Enter to a custom function.
+ */
+export const FISH_HOOK = `# Tollgate Guard - Fish Hook
+# Usage: tollgate guard hook fish | source
+# Or add to ~/.config/fish/config.fish: tollgate guard hook fish | source
+# Skip if already installed
+set -q __TOLLGATE_GUARD_INSTALLED; and exit 0
+function __tollgate_guard_check
+    # Skip if disabled
+    set -q TOLLGATE_GUARD_DISABLED; and return 0
+    # Skip empty command
+    set -l cmd (commandline -b)
+    test -z "$cmd"; and return 0
+    # Skip if already running
+    set -q __TOLLGATE_GUARD_RUNNING; and return 0
+    # Fast path for safe commands
+    set -l first_word (string split ' ' -- $cmd)[1]
+    switch $first_word
+        case ls cd pwd echo cat less more head tail grep find which type man help history alias
+            return 0
+    end
+    # Fast path for git read-only
+    switch $cmd
+        case "git status*" "git diff*" "git log*" "git branch*" "git show*"
+            return 0
+    end
+    set -g __TOLLGATE_GUARD_RUNNING 1
+    # Call tollgate guard check
+    if tollgate guard check "$cmd" </dev/tty 2>/dev/tty
+        set -e __TOLLGATE_GUARD_RUNNING
+        return 0
+    else
+        set -e __TOLLGATE_GUARD_RUNNING
+        commandline ""
+        echo "Command cancelled by Tollgate Guard"
+        return 1
+    end
+end
+function __tollgate_guard_execute
+    if __tollgate_guard_check
+        commandline -f execute
+    end
+end
+# Bind Enter key to our function
+bind \\r __tollgate_guard_execute
+bind \\n __tollgate_guard_execute
+set -g __TOLLGATE_GUARD_INSTALLED 1
+# Helper functions
+function tollgate-guard-disable
+    set -gx TOLLGATE_GUARD_DISABLED 1
+    echo "Tollgate Guard disabled for this session"
+end
+function tollgate-guard-enable
+    set -e TOLLGATE_GUARD_DISABLED
+    echo "Tollgate Guard enabled"
+end
+function tollgate-guard-status
+    if set -q TOLLGATE_GUARD_DISABLED
+        echo "Tollgate Guard: DISABLED"
+    else
+        echo "Tollgate Guard: ENABLED"
+    end
+    tollgate guard sessions 2>/dev/null; or true
+end
+`;
+/**
+ * Get the appropriate hook script for a shell.
+ *
+ * @param shell - Shell type (bash, zsh, fish)
+ * @returns Hook script content
+ */
+export function getHookScript(shell) {
+    switch (shell.toLowerCase()) {
+        case 'bash':
+            return BASH_HOOK;
+        case 'zsh':
+            return ZSH_HOOK;
+        case 'fish':
+            return FISH_HOOK;
+        default:
+            throw new Error(`Unsupported shell: ${shell}. Supported shells: bash, zsh, fish`);
+    }
+}
+/**
+ * Detect the current shell from environment.
+ */
+export function detectShell() {
+    const shell = process.env.SHELL ?? '';
+    if (shell.includes('zsh')) {
+        return 'zsh';
+    }
+    if (shell.includes('fish')) {
+        return 'fish';
+    }
+    if (shell.includes('bash')) {
+        return 'bash';
+    }
+    // Default to bash
+    return 'bash';
+}
+/**
+ * Get the shell configuration file path.
+ */
+export function getShellConfigPath(shell) {
+    const home = process.env.HOME ?? '~';
+    switch (shell.toLowerCase()) {
+        case 'bash':
+            return `${home}/.bashrc`;
+        case 'zsh':
+            return `${home}/.zshrc`;
+        case 'fish':
+            return `${home}/.config/fish/config.fish`;
+        default:
+            return `${home}/.bashrc`;
+    }
+}
+/**
+ * Generate the line to add to shell config.
+ */
+export function getConfigLine(shell) {
+    switch (shell.toLowerCase()) {
+        case 'bash':
+        case 'zsh':
+            return 'eval "$(tollgate guard hook ' + shell + ')"';
+        case 'fish':
+            return 'tollgate guard hook fish | source';
+        default:
+            return 'eval "$(tollgate guard hook bash)"';
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/guard/hooks/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/guard/hooks/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6ExB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4EvB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4ExB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,QAAQ,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;QAC5B,KAAK,MAAM;YACT,OAAO,SAAS,CAAC;QACnB,KAAK,KAAK;YACR,OAAO,QAAQ,CAAC;QAClB,KAAK,MAAM;YACT,OAAO,SAAS,CAAC;QACnB;YACE,MAAM,IAAI,KAAK,CAAC,sBAAsB,KAAK,qCAAqC,CAAC,CAAC;IACtF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;IAEtC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,kBAAkB;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC;IAErC,QAAQ,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;QAC5B,KAAK,MAAM;YACT,OAAO,GAAG,IAAI,UAAU,CAAC;QAC3B,KAAK,KAAK;YACR,OAAO,GAAG,IAAI,SAAS,CAAC;QAC1B,KAAK,MAAM;YACT,OAAO,GAAG,IAAI,2BAA2B,CAAC;QAC5C;YACE,OAAO,GAAG,IAAI,UAAU,CAAC;IAC7B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,QAAQ,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;QAC5B,KAAK,MAAM,CAAC;QACZ,KAAK,KAAK;YACR,OAAO,8BAA8B,GAAG,KAAK,GAAG,IAAI,CAAC;QACvD,KAAK,MAAM;YACT,OAAO,mCAAmC,CAAC;QAC7C;YACE,OAAO,oCAAoC,CAAC;IAChD,CAAC;AACH,CAAC"}

package/dist/guard/index.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * Tollgate Guard - AI Shell Guardian
+ *
+ * Intercepts and validates shell commands before execution,
+ * protecting developers from dangerous AI-suggested commands.
+ *
+ * @packageDocumentation
+ */
+export type { GuardConfig, GuardContext, GuardResult, GuardEngineOptions, GuardRule, DenyPattern, GuardAction, RiskActionMapping, GuardSessionConfig, GuardFastPathConfig, GuardAuditConfig, GuardUIConfig, GuardAuditRecord, } from './types.js';
+export { DEFAULT_GUARD_CONFIG, DEFAULT_RISK_ACTIONS, DEFAULT_SESSION_CONFIG, DEFAULT_FAST_PATH_CONFIG, DEFAULT_AUDIT_CONFIG, DEFAULT_UI_CONFIG, loadGuardConfig, validateGuardConfig, getConfigPaths, compileRules, compileDenylist, type CompiledRule, type CompiledDenyPattern, } from './config.js';
+export { GuardEngine, createGuardEngine } from './engine.js';
+export { EnhancedGuardEngine, createEnhancedGuardEngine, type EnhancedGuardEngineOptions, type EnhancedGuardResult, } from './enhanced-engine.js';
+export { ContextProvider, createContextProvider, calculateRiskModifier, } from './context/index.js';
+export type { EnhancedGuardContext, ProjectContext, ProjectType, GitContext, DirectoryContext, EnvironmentContext, } from './context/types.js';
+export { detectProject, isRegenerablePath } from './context/project.js';
+export { getGitContext, canRecoverFromGit, wouldAffectUncommittedWork } from './context/git.js';
+export { scoreSensitivity, getSensitivePathsAffected } from './context/directory.js';
+export { detectEnvironment, getEnvironmentRiskModifier } from './context/environment.js';
+export { AlternativesFinder, createAlternativesFinder, findAlternatives, formatAlternatives, getSafestAlternative, } from './alternatives/index.js';
+export type { SaferAlternative, AlternativeResult, AlternativeMapping, } from './alternatives/types.js';
+export { PreviewGenerator, createPreviewGenerator, generatePreview, formatPreview, isDangerousPreview, getPreviewSummary, parseCommand, analyzeEffects, calculateImpact, } from './preview/index.js';
+export type { CommandPreview, PreviewOptions, ParsedCommand, CommandEffect, ImpactAssessment, } from './preview/types.js';
+export { ReversibilityAnalyzer, createReversibilityAnalyzer, assessReversibility, formatReversibility, requiresReversibilityWarning, getReversibilityIcon, getReversibilityColor, } from './reversibility/index.js';
+export type { ReversibilityLevel, ReversibilityFactor, ReversibilityAssessment, } from './reversibility/index.js';
+export { LearningEngine, createLearningEngine, createLearningEngineWithPath, JsonLearningStorage, formatLearningStats, hasEnoughDataForSuggestions, extractPattern, groupByPattern, buildLearnedPatterns, analyzeAndSuggest, formatSuggestions, exportSuggestionsAsYaml, suggestionToRule, DEFAULT_LEARNING_CONFIG, } from './learning/index.js';
+export type { ApprovalRecord, ApprovalContext, LearnedPattern, RuleSuggestion, LearningStorage, LearningStats, LearningConfig, } from './learning/types.js';
+export { EnhancedTerminalApprovalHandler, createEnhancedApprovalHandler, } from './approval/enhanced-terminal.js';
+export type { EnhancedApprovalRequest, EnhancedApprovalResponse, } from './approval/enhanced-terminal.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/guard/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/guard/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,YAAY,EACV,WAAW,EACX,YAAY,EACZ,WAAW,EACX,kBAAkB,EAClB,SAAS,EACT,WAAW,EACX,WAAW,EACX,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,gBAAgB,EAChB,aAAa,EACb,gBAAgB,GACjB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,wBAAwB,EACxB,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,YAAY,EACZ,eAAe,EACf,KAAK,YAAY,EACjB,KAAK,mBAAmB,GACzB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAG7D,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,KAAK,0BAA0B,EAC/B,KAAK,mBAAmB,GACzB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,oBAAoB,EACpB,cAAc,EACd,WAAW,EACX,UAAU,EACV,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAChG,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACrF,OAAO,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAGzF,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,yBAAyB,CAAC;AACjC,YAAY,EACV,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,eAAe,EACf,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,cAAc,EACd,cAAc,EACd,aAAa,EACb,aAAa,EACb,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,qBAAqB,EACrB,2BAA2B,EAC3B,mBAAmB,EACnB,mBAAmB,EACnB,4BAA4B,EAC5B,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EACV,kBAAkB,EAClB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,4BAA4B,EAC5B,mBAAmB,EACnB,mBAAmB,EACnB,2BAA2B,EAC3B,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,cAAc,EACd,eAAe,EACf,cAAc,EACd,cAAc,EACd,eAAe,EACf,aAAa,EACb,cAAc,GACf,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,+BAA+B,EAC/B,6BAA6B,GAC9B,MAAM,iCAAiC,CAAC;AACzC,YAAY,EACV,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,iCAAiC,CAAC"}

package/dist/guard/index.js ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * Tollgate Guard - AI Shell Guardian
+ *
+ * Intercepts and validates shell commands before execution,
+ * protecting developers from dangerous AI-suggested commands.
+ *
+ * @packageDocumentation
+ */
+// Configuration
+export { DEFAULT_GUARD_CONFIG, DEFAULT_RISK_ACTIONS, DEFAULT_SESSION_CONFIG, DEFAULT_FAST_PATH_CONFIG, DEFAULT_AUDIT_CONFIG, DEFAULT_UI_CONFIG, loadGuardConfig, validateGuardConfig, getConfigPaths, compileRules, compileDenylist, } from './config.js';
+// Base Engine
+export { GuardEngine, createGuardEngine } from './engine.js';
+// Enhanced Engine
+export { EnhancedGuardEngine, createEnhancedGuardEngine, } from './enhanced-engine.js';
+// Context System
+export { ContextProvider, createContextProvider, calculateRiskModifier, } from './context/index.js';
+export { detectProject, isRegenerablePath } from './context/project.js';
+export { getGitContext, canRecoverFromGit, wouldAffectUncommittedWork } from './context/git.js';
+export { scoreSensitivity, getSensitivePathsAffected } from './context/directory.js';
+export { detectEnvironment, getEnvironmentRiskModifier } from './context/environment.js';
+// Alternatives Engine
+export { AlternativesFinder, createAlternativesFinder, findAlternatives, formatAlternatives, getSafestAlternative, } from './alternatives/index.js';
+// Preview System
+export { PreviewGenerator, createPreviewGenerator, generatePreview, formatPreview, isDangerousPreview, getPreviewSummary, parseCommand, analyzeEffects, calculateImpact, } from './preview/index.js';
+// Reversibility Analyzer
+export { ReversibilityAnalyzer, createReversibilityAnalyzer, assessReversibility, formatReversibility, requiresReversibilityWarning, getReversibilityIcon, getReversibilityColor, } from './reversibility/index.js';
+// Learning System
+export { LearningEngine, createLearningEngine, createLearningEngineWithPath, JsonLearningStorage, formatLearningStats, hasEnoughDataForSuggestions, extractPattern, groupByPattern, buildLearnedPatterns, analyzeAndSuggest, formatSuggestions, exportSuggestionsAsYaml, suggestionToRule, DEFAULT_LEARNING_CONFIG, } from './learning/index.js';
+// Enhanced Approval UI
+export { EnhancedTerminalApprovalHandler, createEnhancedApprovalHandler, } from './approval/enhanced-terminal.js';
+//# sourceMappingURL=index.js.map

package/dist/guard/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/guard/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAmBH,gBAAgB;AAChB,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,wBAAwB,EACxB,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,YAAY,EACZ,eAAe,GAGhB,MAAM,aAAa,CAAC;AAErB,cAAc;AACd,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAE7D,kBAAkB;AAClB,OAAO,EACL,mBAAmB,EACnB,yBAAyB,GAG1B,MAAM,sBAAsB,CAAC;AAE9B,iBAAiB;AACjB,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAS5B,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAChG,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACrF,OAAO,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAEzF,sBAAsB;AACtB,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,yBAAyB,CAAC;AAOjC,iBAAiB;AACjB,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,eAAe,EACf,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAS5B,yBAAyB;AACzB,OAAO,EACL,qBAAqB,EACrB,2BAA2B,EAC3B,mBAAmB,EACnB,mBAAmB,EACnB,4BAA4B,EAC5B,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,0BAA0B,CAAC;AAOlC,kBAAkB;AAClB,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,4BAA4B,EAC5B,mBAAmB,EACnB,mBAAmB,EACnB,2BAA2B,EAC3B,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAW7B,uBAAuB;AACvB,OAAO,EACL,+BAA+B,EAC/B,6BAA6B,GAC9B,MAAM,iCAAiC,CAAC"}

package/dist/guard/learning/index.d.ts ADDED Viewed

@@ -0,0 +1,136 @@
+/**
+ * Pattern Learning System for Shell Guardian
+ *
+ * Records approval decisions and learns patterns to suggest
+ * policy improvements over time.
+ */
+import type { ApprovalRecord, LearnedPattern, RuleSuggestion, LearningStorage, LearningStats, LearningConfig, GetRecordsOptions } from './types.js';
+import type { GuardConfig } from '../types.js';
+import type { EnhancedGuardContext } from '../context/types.js';
+import type { RiskLevel } from '../../analyzers/types.js';
+export type { ApprovalRecord, ApprovalContext, LearnedPattern, RuleSuggestion, LearningStorage, LearningStats, LearningConfig, } from './types.js';
+export { DEFAULT_LEARNING_CONFIG } from './types.js';
+export { extractPattern, groupByPattern, buildLearnedPatterns, patternSimilarity, findSimilarPatterns, } from './pattern-extractor.js';
+export { analyzeAndSuggest, formatSuggestions, exportSuggestionsAsYaml, suggestionToRule, findRefinementOpportunities, } from './rule-suggester.js';
+/**
+ * JSON file-based learning storage.
+ */
+export declare class JsonLearningStorage implements LearningStorage {
+    private readonly path;
+    private data;
+    constructor(path?: string);
+    /**
+     * Load data from file.
+     */
+    private load;
+    /**
+     * Save data to file.
+     */
+    private save;
+    saveRecord(record: ApprovalRecord): Promise<void>;
+    getRecords(options?: GetRecordsOptions): Promise<ApprovalRecord[]>;
+    getRecordsByPattern(pattern: string): Promise<ApprovalRecord[]>;
+    saveSuggestion(suggestion: RuleSuggestion): Promise<void>;
+    getSuggestions(): Promise<RuleSuggestion[]>;
+    updateSuggestion(id: string, update: Partial<RuleSuggestion>): Promise<void>;
+    clear(): Promise<void>;
+    getStats(): Promise<LearningStats>;
+}
+/**
+ * Learning Engine for Shell Guardian.
+ *
+ * Manages recording of approval decisions and generation
+ * of rule suggestions based on learned patterns.
+ */
+export declare class LearningEngine {
+    private readonly storage;
+    private readonly config;
+    private recordStartTime?;
+    constructor(storage?: LearningStorage, config?: Partial<LearningConfig>);
+    /**
+     * Start timing a decision.
+     * Call this when showing the approval prompt.
+     */
+    startDecisionTimer(): void;
+    /**
+     * Record an approval decision.
+     *
+     * @param command - The command that was evaluated
+     * @param decision - The user's decision
+     * @param context - Enhanced guard context
+     * @param options - Additional options
+     */
+    record(command: string, decision: 'approved' | 'denied' | 'timeout', context: EnhancedGuardContext, options: {
+        riskLevel: RiskLevel;
+        chosenAlternative?: string;
+        sessionGrant?: {
+            scope: string;
+            duration: string;
+        };
+    }): Promise<void>;
+    /**
+     * Get all approval records.
+     */
+    getRecords(options?: GetRecordsOptions): Promise<ApprovalRecord[]>;
+    /**
+     * Get learned patterns from history.
+     */
+    getLearnedPatterns(): Promise<LearnedPattern[]>;
+    /**
+     * Generate rule suggestions based on learned patterns.
+     */
+    generateSuggestions(existingConfig?: GuardConfig): Promise<RuleSuggestion[]>;
+    /**
+     * Get existing suggestions.
+     */
+    getSuggestions(): Promise<RuleSuggestion[]>;
+    /**
+     * Accept a suggestion.
+     */
+    acceptSuggestion(id: string): Promise<void>;
+    /**
+     * Dismiss a suggestion.
+     */
+    dismissSuggestion(id: string): Promise<void>;
+    /**
+     * Get learning statistics.
+     */
+    getStats(): Promise<LearningStats>;
+    /**
+     * Clear all learning data.
+     */
+    clear(): Promise<void>;
+    /**
+     * Export suggestions as YAML for config.
+     */
+    exportSuggestionsYaml(): Promise<string>;
+    /**
+     * Format suggestions for display.
+     */
+    formatSuggestions(): Promise<string>;
+    /**
+     * Get refinement opportunities.
+     */
+    getRefinementOpportunities(): Promise<Array<{
+        pattern: string;
+        reason: string;
+        suggestion: string;
+    }>>;
+}
+/**
+ * Create a learning engine with default storage.
+ */
+export declare function createLearningEngine(config?: Partial<LearningConfig>): LearningEngine;
+/**
+ * Create a learning engine with custom storage path.
+ */
+export declare function createLearningEngineWithPath(storagePath: string, config?: Partial<LearningConfig>): LearningEngine;
+/**
+ * Format learning stats for display.
+ */
+export declare function formatLearningStats(stats: LearningStats): string;
+/**
+ * Quick check if there's enough data for suggestions.
+ */
+export declare function hasEnoughDataForSuggestions(engine: LearningEngine, minRecords?: number): Promise<boolean>;
+//# sourceMappingURL=index.d.ts.map

package/dist/guard/learning/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/guard/learning/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EACV,cAAc,EACd,cAAc,EACd,cAAc,EACd,eAAe,EACf,aAAa,EACb,cAAc,EACd,iBAAiB,EAClB,MAAM,YAAY,CAAC;AASpB,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AAG1D,YAAY,EACV,cAAc,EACd,eAAe,EACf,cAAc,EACd,cAAc,EACd,eAAe,EACf,aAAa,EACb,cAAc,GACf,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAGrD,OAAO,EACL,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,gBAAgB,EAChB,2BAA2B,GAC5B,MAAM,qBAAqB,CAAC;AAO7B;;GAEG;AACH,qBAAa,mBAAoB,YAAW,eAAe;IACzD,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,IAAI,CAAe;gBAEf,IAAI,GAAE,MAA6B;IAK/C;;OAEG;IACH,OAAO,CAAC,IAAI;IAiBZ;;OAEG;IACH,OAAO,CAAC,IAAI;IAQN,UAAU,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAKjD,UAAU,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAwBlE,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAI/D,cAAc,CAAC,UAAU,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IASzD,cAAc,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAI3C,gBAAgB,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ5E,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAStB,QAAQ,IAAI,OAAO,CAAC,aAAa,CAAC;CA4BzC;AAWD;;;;;GAKG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkB;IAC1C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;IACxC,OAAO,CAAC,eAAe,CAAC,CAAS;gBAG/B,OAAO,CAAC,EAAE,eAAe,EACzB,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM;IAMtC;;;OAGG;IACH,kBAAkB,IAAI,IAAI;IAM1B;;;;;;;OAOG;IACG,MAAM,CACV,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,UAAU,GAAG,QAAQ,GAAG,SAAS,EAC3C,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE;QACP,SAAS,EAAE,SAAS,CAAC;QACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,YAAY,CAAC,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAA;SAAE,CAAC;KACpD,GACA,OAAO,CAAC,IAAI,CAAC;IA6BhB;;OAEG;IACG,UAAU,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAIxE;;OAEG;IACG,kBAAkB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAMrD;;OAEG;IACG,mBAAmB,CAAC,cAAc,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAYlF;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAIjD;;OAEG;IACG,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjD;;OAEG;IACG,iBAAiB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIlD;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,aAAa,CAAC;IAIxC;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B;;OAEG;IACG,qBAAqB,IAAI,OAAO,CAAC,MAAM,CAAC;IAM9C;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,MAAM,CAAC;IAM1C;;OAEG;IACG,0BAA0B,IAAI,OAAO,CAAC,KAAK,CAAC;QAChD,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC,CAAC;CAIJ;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,GAC/B,cAAc,CAEhB;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAC1C,WAAW,EAAE,MAAM,EACnB,MAAM,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,GAC/B,cAAc,CAGhB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,aAAa,GAAG,MAAM,CAyBhE;AAED;;GAEG;AACH,wBAAsB,2BAA2B,CAC/C,MAAM,EAAE,cAAc,EACtB,UAAU,SAAK,GACd,OAAO,CAAC,OAAO,CAAC,CAGlB"}